make tarfile.py error out on invalid crypto modes and combos
authorPhilipp Gesang <philipp.gesang@intra2net.com>
Fri, 24 Feb 2017 09:50:03 +0000 (10:50 +0100)
committerThomas Jarosch <thomas.jarosch@intra2net.com>
Mon, 2 Apr 2018 11:34:08 +0000 (13:34 +0200)
The tarfile stream ctor will simply gloss over encryption
requested by the caller unless it happens to exactly match the
string (!) “aes”. Furthermore, with non-gzip compression the
encryption will be ignored altogether.

Instead of deceiving the user about the encryption being applied,
have the ctor fail immediately on invalid combinations.

deltatar/tarfile.py

index 07c33f8..8e937b4 100644 (file)
@@ -53,7 +53,8 @@ import copy
 import re
 import operator
 
-from . import aescrypto
+#from . import aescrypto
+from . import crypto
 
 try:
     import grp, pwd
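Review bot: The old import is left behind as the commented-out line `#from . import aescrypto`; it should be deleted outright, since version control already records it. With the name `aescrypto` no longer bound, any remaining `aescrypto.` reference in the module raises NameError at run time, and the hunks on this page only show the read-mode gzip call being switched to `crypto.AES_GCM_context`. The write path and any other encryption branch lie outside the visible hunks, so the file should be searched for `aescrypto` before merging.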
@@ -148,6 +149,8 @@ PAX_NUMBER_FIELDS = {
     "size": int
 }
 
+VALID_ENCRYPTION_MODES = [ "aes" ]
+
 #---------------------------------------------------------
 # initialization
 #---------------------------------------------------------
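Review bot: `VALID_ENCRYPTION_MODES` is a module-level list, so any importer can append to the allow-list that the new check in the `_Stream` constructor relies on. An immutable container states the intent better: `VALID_ENCRYPTION_MODES = ("aes",)`. A one-line comment such as `# "" means no encryption and is accepted separately by _Stream` would also record why the empty string is absent from the list.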
@@ -308,6 +311,9 @@ class InvalidHeaderError(HeaderError):
 class SubsequentHeaderError(HeaderError):
     """Exception for missing and invalid extended headers."""
     pass
+class InvalidEncryptionError(TarError):
+    """Exception for undefined crypto modes and combinations."""
+    pass
 
 #---------------------------
 # internal stream interface
@@ -343,6 +349,7 @@ class _LowLevelFile:
     def tell(self):
         return self.offset
 
+
 class _Stream:
     """Class that serves as an adapter between TarFile and
        a stream-like object.  The stream-like object only
@@ -393,6 +400,9 @@ class _Stream:
         self.bytes_written = 0
 
         try:
+            if enctype != "" and enctype not in VALID_ENCRYPTION_MODES:
+                raise InvalidEncryptionError("unsupported encryption mode %r"
+                                             % enctype)
             if comptype == "gz":
                 try:
                     import zlib
@@ -401,8 +411,8 @@ class _Stream:
                 self.zlib = zlib
                 if mode == "r":
                     if self.enctype == 'aes':
-                        self.encryption = aescrypto.AESCrypt(self.password,
-                                                            key_length=self.key_length)
+                        self.encryption = crypto.AES_GCM_context(self.password,
+                                                                 key_length=self.key_length)
                     self._init_read_gz()
                     self.exception = zlib.error
                 else:
@@ -410,6 +420,10 @@ class _Stream:
                 self.crc = zlib.crc32(b"") & 0xFFFFffff
 
             elif comptype == "bz2":
+                if self.enctype != "":
+                    raise InvalidEncryptionError("encryption mode %r not "
+                                                 "available for compression %s"
+                                                 % (enctype, comptype))
                 try:
                     import bz2
                 except ImportError:
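Review bot: The guard tests `self.enctype` but formats the bare parameter `enctype` into the message, while the check added at the top of the `try` tests `enctype`. Pick one, because nothing in the hunk shows the two hold the same value at this point. The same four lines are pasted again in the `xz` branch and in the unknown-compression branch, so one check placed directly after the mode validation would be easier to keep correct, for instance `if enctype != "" and comptype in ("bz2", "xz"): raise InvalidEncryptionError(...)`. The branch body continues outside the hunk.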
@@ -422,6 +436,10 @@ class _Stream:
                     self.cmp = bz2.BZ2Compressor()
 
             elif comptype == 'xz':
+                if self.enctype != "":
+                    raise InvalidEncryptionError("encryption mode %r not "
+                                                 "available for compression %s"
+                                                 % (enctype, comptype))
                     try:
                         import lzma
                     except ImportError:
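Review bot: As rendered, the added `if self.enctype != "":` in the `xz` branch sits at 16 columns with its `raise` at 20, but the unchanged `try:` and `except ImportError:` lines that follow are also at 20 columns (with `import lzma` at 24), so Python parses them as part of the `if` body, after the `raise`. If the file really is indented this way, an unencrypted `xz` stream skips the lzma import and whatever setup follows, and that code is unreachable in the encrypted case. Writing the guard at the branch's existing body indentation (`if` at 20 columns, `raise` at 24) or re-indenting the branch body to 16 columns fixes it. The rest of the branch is outside the hunk, so its full extent should be checked.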
@@ -441,6 +459,10 @@ class _Stream:
                     self.__write_to_file(self.encryption.salt_str)
 
             elif comptype != "tar":
+                if self.enctype != "":
+                    raise InvalidEncryptionError("encryption mode %r not "
+                                                 "available for compression %s"
+                                                 % (enctype, comptype))
                 raise CompressionError("unknown compression type %r" % comptype)
 
         except:
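Review bot: Encryption requested together with plain `tar` still passes silently as far as these hunks show: `comptype == "tar"` with `enctype == "aes"` clears the mode check, matches none of the branches that raise, and skips this `elif comptype != "tar":` branch as well. Unless another part of the constructor sets up encryption for uncompressed streams, that is the case the commit message sets out to remove, and it needs an explicit rejection such as an `else:` branch containing `if self.enctype != "": raise InvalidEncryptionError("encryption mode %r not available for compression %s" % (enctype, comptype))`. Separately, for an unknown `comptype` the new guard runs before `raise CompressionError(...)`, so a caller who mistypes the compression name and asks for encryption is told the encryption mode is at fault; putting the `CompressionError` first reports the real cause.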